Hackers encrypt the vaccination certificates of the Brazilian population with ransomware

A hacking group calling itself Lapsus$ Group claims to have encrypted with ransomware and stolen some 50 TB of information from Brazil’s Ministry of Health, including millions of COVID-19 vaccination records and certificates.

The attack was confirmed on the Health Ministry’s website, as the hackers even replaced Brazil’s official government image with what appears to be their own logo, as well as adding a message demanding the government contact them to negotiate a ransom payment.

According to a ZDNet report, threat actors compromised the ConecteSUS app, used by Brazilian citizens to track their medical records, including details such as COVID-19 vaccine application, laboratory tests, hospital admissions and prescription drugs, among other details.

Rodrigo Cruz, Brazil’s deputy health minister has already confirmed that the responsible authorities are trying to restore the affected systems, so information related to COVID-19 vaccination will remain temporarily inaccessible.

In the most recent update on the incident, Cruz confirmed that the process of recovering the compromised information was successfully completed, although no details have been added about the recovery method used by the authorities or if any ransom was paid.

The incident had a real impact on some plans of the Brazilian government, as a plan to apply COVID-19 tests to unvaccinated passengers had to be delayed; Although Brazilian authorities believed this plan would take effect this weekend, its implementation will have to be delayed by at least another week.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.